Those three ATP products provided by Microsoft are often confusing to people, what they are used for. ATP is the term Advanced Threat Protection’s abbreviation. But why there are three different types ATPs from Microsoft and what the difference among them, which one I should pick for my business?
Here are some summarized information I found from Internet.
Azure ATP
https://portal.atp.azure.com/
Azure Advanced Threat Protection (Azure ATP) helps to detect and investigate advanced attacks and insider threats across on-premises, Cloud, and hybrid environments, stopping attackers from gaining access to your system. By taking information from multiple data sources, like the logs and events in your network, Azure ATP learns the behavior of your users and other entities within your organization and builds a behavioral profile about them. Then, when suspicious activity is detected, it alerts you via the Azure ATP workspace portal, so you can see those suspicious activities and confirm whether it is a potential attack or not.
Focusing on Identity Protection with following threats:
- Reconnaissance
- Lateral Movement
- Domain Dominance
Azure Advanced Threat Protection is available as part of the Enterprise Mobility + Security E5 bundle, the Microsoft 365 E5 bundle, or as a stand-alone SKU for $5.50 per user per month.
Windows Defender ATP
https://securitycenter.windows.com/
Windows Defender Advanced Threat Protection (Windows Defender ATP) integrates with Azure ATP to detect and protect against malicious activity, but its focus is on the end points – the actual devices being used. Working with existing Windows security technologies, like Windows Defender Antivirus, AppLocker, and Windows Defender Device Guard, Windows Defender ATP detects sophisticated cyber-attacks by providing Cloud-powered, behaviour-based advanced attack detection.
Focusing on End Point Protection with following threats:
- Exploitation
- Installation
- Command and control channel
- Brute force an account
Windows Defender Advanced Threat Protection is sold as part of Windows 10 Enterprise E5 or as part of the Microsoft 365 E5 package.
O365 ATP
https://protection.office.com/
Office 365 Advanced Threat Protection is a cloud-based email filtering service that helps to protect your email, files, and Office 365 applications against potential attacks such as unsafe attachments and malicious links.
Traditional solutions like signature-based anti-virus might catch the known threats but cannot protect against unknown zero-day threats. This is where Advanced Threat Protection comes in to protect email.
Focusing on Email related protection with following threats:
- Emails Clicks
- Emails Attachment
- User Browses to a websiets
- User runs a program
Office 365 Advanced Threat Protection is sold a la carte, as part of the Office 365 E5 package, or as part of the Microsoft 365 E5 package. If you have a subscription to a qualifying Exchange or Office 365 plan, you can add Office 365 Advanced Threat Protection for $2 per user per month.
Difference between O365 Security & Compliance Center and O365 ATP